diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema index b2831c699bb00042a92a113ffb5cdff245ca5779..840d1ff2bbd02b1b2ed52ba27ebbe2b0065e3fd5 100644 --- a/contrib/openldap/core-fd-conf.schema +++ b/contrib/openldap/core-fd-conf.schema @@ -229,6 +229,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.14.7 NAME 'fdLdapSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +attributetype ( 1.3.6.1.4.1.38414.8.14.8 NAME 'fdWildcardForeignKeys' + DESC 'FusionDirectory - Weither or not to enable wildcard searches for foreign keys on dn' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + # Login and session attributetype ( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute' @@ -548,7 +554,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $ fdForcePasswordDefaultHash $ fdListSummary $ - fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ + fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdWildcardForeignKeys $ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $ fdHttpAuthActivated $ fdHttpHeaderAuthActivated $ fdHttpHeaderAuthHeaderName $ fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc index 811f4fd123481a7b3ac84f7e4a9dab01423de7ac..4853b64636e31ac781fbaf8a0727d21fcf432160 100644 --- a/include/simpleplugin/class_simplePlugin.inc +++ b/include/simpleplugin/class_simplePlugin.inc 
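Review bot: The DESC string of the new `fdWildcardForeignKeys` attribute type misspells "Whether" as "Weither". The description is loaded into the directory schema along with the rest of the definition, so it is cheaper to correct before the schema ships: `DESC 'FusionDirectory - Whether or not to enable wildcard searches for foreign keys on dn'`.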
@@ -1563,6 +1563,13 @@ class simplePlugin $ofield = $ref[1]; $filter = $ref[2]; $filtersub = $ref[3]; + if ($filtersub == '*') { + if ($config->get_cfg_value('wildcardForeignKeys', 'TRUE') == 'TRUE') { + $filtersub = $ofield.'=*'; + } else { + continue; + } + } if ($class == 'aclAssignment') { /* Special case: aclAssignment foreignKey is ignored on department types as it’s handled by the aclAssignment objectType */ $objectTypes = array('ACLASSIGNMENT'); diff --git a/plugins/admin/departments/class_country.inc b/plugins/admin/departments/class_country.inc index 9003206e62fef947b280a03a2d36df81bdc61013..ddc06d92bf5a47ec8c1a5ff745945a404eb28b9e 100644 --- a/plugins/admin/departments/class_country.inc +++ b/plugins/admin/departments/class_country.inc @@ -38,7 +38,7 @@ class country extends department 'mainAttr' => static::$namingAttr, )), 'plForeignKeys' => array( - 'manager' => 'user' + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) diff --git a/plugins/admin/departments/class_dcObject.inc b/plugins/admin/departments/class_dcObject.inc index 8f474083a0623b5e0abd3f5033e41abc0fec5fef..ced37a4e78eacb512f01d630d0687461a2955713 100644 --- a/plugins/admin/departments/class_dcObject.inc +++ b/plugins/admin/departments/class_dcObject.inc @@ -39,7 +39,7 @@ class dcObject extends department 'mainAttr' => static::$namingAttr, )), 'plForeignKeys' => array( - 'manager' => 'user' + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) diff --git a/plugins/admin/departments/class_department.inc b/plugins/admin/departments/class_department.inc index 2fdec7cf8180b344ea6e0d72de91b321c0408e8a..319f1fc74ae5b760894c8d613cf9ee4669d91827 100644 --- a/plugins/admin/departments/class_department.inc +++ b/plugins/admin/departments/class_department.inc 
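Review bot: The `continue` in the new `else` branch skips every wildcard reference without any trace when `wildcardForeignKeys` is off, so `member`, `owner`, `manager` and `roleOccupant` values that point below a moved department are presumably left holding the old DN. Stale DNs in groups and roles are an integrity problem for access decisions, because an entry later created at such a DN would match the old membership. A comment above the branch such as `/* wildcard refs are not followed when fdWildcardForeignKeys is FALSE: references to entries under the moved DN keep their old value */`, plus a debug log entry, would make that trade-off visible. The check also uses loose comparison; `if ($filtersub === '*') {` keeps a non-string `$ref[3]` from being treated as the wildcard on older PHP versions. The enclosing method starts and ends outside the hunk, so whether `$config` is in scope here cannot be confirmed from the diff.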
@@ -45,7 +45,7 @@ class department extends simplePlugin ) ), 'plForeignKeys' => array( - 'manager' => 'user' + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) diff --git a/plugins/admin/departments/class_domain.inc b/plugins/admin/departments/class_domain.inc index 31a594a1aae3e56c1727a73f221fd0d4a03c55a9..01994317cb0248fd90d390043212dfc6e5cea627 100644 --- a/plugins/admin/departments/class_domain.inc +++ b/plugins/admin/departments/class_domain.inc @@ -39,7 +39,7 @@ class domain extends department 'mainAttr' => static::$namingAttr, )), 'plForeignKeys' => array( - 'manager' => 'user' + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) diff --git a/plugins/admin/departments/class_locality.inc b/plugins/admin/departments/class_locality.inc index aadf109629af7eba0d920edfd8a342f1983ea168..6f0e8125be07045d7aedb693792afcfeb8f04ac6 100644 --- a/plugins/admin/departments/class_locality.inc +++ b/plugins/admin/departments/class_locality.inc @@ -39,7 +39,7 @@ class locality extends department 'mainAttr' => static::$namingAttr, )), 'plForeignKeys' => array( - 'manager' => 'user' + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) diff --git a/plugins/admin/departments/class_organization.inc b/plugins/admin/departments/class_organization.inc index 89b2c2d3994aa05aeb53ac81c5d3971044db09ac..d633dc3f27cad9bf087e0f0613e41ef7cbb9d8b4 100644 --- a/plugins/admin/departments/class_organization.inc +++ b/plugins/admin/departments/class_organization.inc 
@@ -39,7 +39,7 @@ class organization extends department 'mainAttr' => static::$namingAttr, )), 'plForeignKeys' => array( - 'manager' => 'user' + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) diff --git a/plugins/admin/groups/class_ogroup.inc b/plugins/admin/groups/class_ogroup.inc index a5001c471a40aa2dd9d02d552097ae5c1b32226c..2dcca5042cde5da498488e028f6ee22e4f445ee0 100644 --- a/plugins/admin/groups/class_ogroup.inc +++ b/plugins/admin/groups/class_ogroup.inc @@ -186,17 +186,17 @@ class ogroup extends simplePlugin )), 'plForeignKeys' => array( 'member' => array( - array('user'), - array('ogroup'), - array('application'), - array('serverGeneric'), - array('workstationGeneric'), - array('terminalGeneric'), - array('phoneGeneric'), - array('printGeneric'), + array('user', 'dn','member=%oldvalue%','*'), + array('ogroup', 'dn','member=%oldvalue%','*'), + array('application', 'dn','member=%oldvalue%','*'), + array('serverGeneric', 'dn','member=%oldvalue%','*'), + array('workstationGeneric', 'dn','member=%oldvalue%','*'), + array('terminalGeneric', 'dn','member=%oldvalue%','*'), + array('phoneGeneric', 'dn','member=%oldvalue%','*'), + array('printGeneric', 'dn','member=%oldvalue%','*'), ), 'owner' => array( - array('user'), + array('user','dn','owner=%oldvalue%','*') ) ), diff --git a/plugins/admin/groups/class_roleGeneric.inc b/plugins/admin/groups/class_roleGeneric.inc index d4a2939f7c5bdb3be1a5010c688bd4d46af857f7..5441206a76b5c2d19c14a989996abfec6f12bf8e 100644 --- a/plugins/admin/groups/class_roleGeneric.inc +++ b/plugins/admin/groups/class_roleGeneric.inc @@ -65,7 +65,7 @@ class roleGeneric extends simplePlugin ) ), 'plForeignKeys' => array( - 'roleOccupant' => 'user' + 'roleOccupant' => array('user','dn','roleOccupant=%oldvalue%','*') ), 'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo()) 
diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc index a8a346089bf9708c95e019b3add035dcc734a5e5..336b64ce94f99fa6b3a248f0fc1ae68975e6e035 100644 --- a/plugins/config/class_configInLdap.inc +++ b/plugins/config/class_configInLdap.inc @@ -142,6 +142,11 @@ class configInLdap extends simplePlugin 'fdSnapshotBase', FALSE, 'ou=snapshots,'.$config->current['BASE'] ), + new BooleanAttribute ( + _('Wildcard foreign keys'), _('Enables wildcard searches like member=* when moving a whole departement. This will open all existing groups and roles to make sure foreign keys are respected. Slow on big trees.'), + 'fdWildcardForeignKeys', FALSE, + TRUE + ), ) ), 'password' => array( diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc index 5d69d4f97643a045b14f9f0f9c14d404397168a2..231cf96f6b385ade56f1edd3d273df3d25edb0a5 100644 --- a/plugins/personal/generic/class_user.inc +++ b/plugins/personal/generic/class_user.inc @@ -290,7 +290,7 @@ class user extends simplePlugin 'ou' => get_ou('userRDN'), )), 'plForeignKeys' => array( - 'manager' => array('user','dn') + 'manager' => array('user','dn','manager=%oldvalue%','*') ), 'plProvidedAcls' => array_merge(
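Review bot: The help text of the new `fdWildcardForeignKeys` option in the class_configInLdap.inc hunk says only that the search is slow, not what turning it off costs. Judging by the class_simplePlugin.inc hunk, disabling it appears to skip the wildcard references altogether, so an administrator should be told that group, role and manager references to entries under a moved department are then not rewritten. I would append a sentence such as `If disabled, references to objects inside a moved department are not updated.` and correct "departement" to "department".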